Content by Charles Sterling

Security Track

We are getting closer! Combining your input, speaker availability and their skills the list below is the result…

Thanks,

Chuck

Security Track

Protect your business with information from the experts on architecting and managing an effective defense-in-depth strategy. Learn about the latest security features in Windows Server System and how to design and deploy a secure integrated infrastructure. Understand how to implement enterprise firewall security without compromising performance; deploy a Microsoft Windows public key infrastructure and use patch management, secure remote access and networking; and drill-downs on the latest security tools and technologies. Key products covered include, Microsoft Windows Server 2003 and Small Business Server, ISA 2004, Rights Management, SQL Server, and Microsoft mobile technologies. Learn about guidance and tools that enable you to assess your network and customize your security solution.

Windows Mobile Platform Security Drilldown for the Enterprise

Anatomy of a Network Hack: How to Get Your Network Hacked in 10 Easy Steps

Securing SBS 2003 Session

Is That App Really Safe?

Debunking Security Myths

Leveraging PKI for Enterprise Solutions

Secure Remote Access

Authentication is strange

Understanding and Fighting Malware: Viruses, Spyware and Rootkits

Secret Internet Explorer

RMS SP1: Implementing Privacy Solutions

Implementing Windows Update Services in the Branch Office

Server and Domain Isolation: The Next Big Thing in Security and Infrastructure Integrity Assurance

Migrating from SUS to WSUS

Defending Against Layer 8: How to Recognize and Combat Social Engineering

Title: Windows Mobile Platform Security Drilldown for the Enterprise

Abstract:Learn about Windows Mobile security features from the Enterprise perspective. This session covers how identified security threats are mitigated utilizing Windows Mobile platform security components. Best practices for network and mobile security with Windows Mobile-based devices are also discussed.

Australian Speaker:Nick Torkington

New Zealand Speaker:Nick Torkington

Title: Windows Mobile Platform Security Drilldown for the Enterprise

Abstract:Learn about Windows Mobile security features from the Enterprise perspective. This session covers how identified security threats are mitigated utilizing Windows Mobile platform security components. Best practices for network and mobile security with Windows Mobile-based devices are also discussed.

Australian Speaker:

New Zealand Speaker:Nick Torkington

Title: Anatomy of a Network Hack: How to Get Your Network Hacked in 10 Easy Steps

Abstract:Do you think all hackers use the same techniques to break into your network? Do you think they all guess your passwords? Do you think that an unpatched vulnerability is the only way to compromise your domain controllers?Come to this session and watch Jesper Johansson demonstrate how a successful attack is used to compromise your network. Learn how attackers use these techniques, and how to prevent them. The techniques may surprise you, but you will be much more able to Protect Your Windows Network, once you understand them.

Australian Speaker:Jesper Johansson

New Zealand Speaker:Jesper Johansson

Title: Securing SBS 2003

Abstract:

Australian Speaker:Wayne Small

New Zealand Speaker:?

Title: Is That App Really Safe?

Abstract:How many times has a vendor told you that “Sure this app is safe. We use encryption.” But is it possible to really know whether the app is safe without performing a full analysis? Yes, there are some red flags that you should look out for. This session shows you how. We cannot make application penetration testers out of you in this short time but we can at least teach you about the glaring holes you should look for. We will cover how to perform analysis on common off-the-shelf (COTS) software, such as enterprise services, web sites, any application that talks to database servers, and other software. We can’t tell for sure that an application is safe but we can at least point out some ways it can be blatantly unsafe. Having that level of confidence is an integral part of your risk management strategy in order to Protect Your Windows Network.

Australian Speaker:Jesper Johansson

New Zealand Speaker:Jesper Johansson

Title: Debunking Security Myths

Abstract:Far too much of what we do in security does not have any real impact on security, not to mention that it does not map to any realistic threats that you have decided to mitigate as part of your overall risk management strategy. In this session, we cover the top ten things that security professionals do that do not have any real impact on security. In some cases, these steps actually have exactly the opposite effect, as they compromise confidentiality, integrity, and/or availability instead of improve it.

Australian Speaker:Jesper Johansson/Steve Riley

New Zealand Speaker:Jesper Johansson/Steve Riley

Title: Leveraging PKI for Enterprise Solutions

Abstract:Organizations that implement a Public Key Infrastructure as part of a security solution require a high leval of assurance and security in deployment. Learn about the best practices for deploying a Windows Certificate Services infrastructure in a secure manner. Learn about how to extend a PKI deployment to your extranet partners, customers and vendors. Topics include Windows XP and Windows Server 2003, CA configuration, operational best practices, system hardening and CA deployment options.

Australian Speaker:Jamie Sharp

New Zealand Speaker:Jamie Sharp

Title: Secure Remote Access

Abstract:Remote connections extend your network’s perimeter far and wide across the globe, often into networks that you know very little—or nothing—about. Because remote access to corporate networks is critical for business these days, it’s absolutely essential that you take the necessary steps to protect your own network and your remote clients from threats that lurk along the way. Basic requirements include not only strong user authentication but also knowledge of the remote computers and configurations that erect barriers against attack. Depending on the needs of your user community, some might require the flexibility of full IP-based virtual private networks (VPNs), others might need only simpler Terminal Server or web-based “remote display” access. Technologies for secure remote access include Windows Routing and Remote Access Services (RRAS), VPN quarantine, strong authentication with smart cards, securing Terminal Server over the Internet, and web-based remote access to internal services. Steve Riley will help you understand the unique security requirements for various kinds of remote access and how to deploy the appropriate technology safely, to keep your network assets and your information protected.

Australian Speaker:Steve Riley

New Zealand Speaker:Steve Riley

Title: Authentication is strange

Abstract:Got 2 factor authentication? Considering it? What ifyou could walk straight past all that expensive gear and get in with just a password anyway? There are so many standards supported, you may just find you can do more than you thought. This session looks into authentication, how it is protected and passed around. After all, it is only the single most important component of our security architecture. There is plenty of industry discussion on the security of passwords, and plenty on cracking them too. There is however a distinct lack of information and understanding of how authentication is passed between various systems on the network. SQL, IIS, HTTP, Cookies, SMB,RPC’s and Kerberos all combine to confuse the matter. Is NTLM secure? What about versions? Is clear text ok? Might sound silly, but you are likely to be suprised. How is authentication relayed between systems? What happens when you aren’t on the domain? I’ll attempt to answer all this and more as we map out who gets given the keys to the kingdom.

Abstract:In 2005, RMS is releasing Service Pack 1 aimed at enabling several new business scenarios, including deploying RMS in disconnected networks. This session presents the SP1 update and the new opportunities that are made available due to SP1, including an extended range SP1 partner solutions to include server applications and new SDK development opportunities to extend RMS.

Australian Speaker:Nick Torkington

New Zealand Speaker:Nick Torkington

Title: Implementing Windows Update Services in the Branch Office

Abstract:Windows Update Services (WUS) provides extensive improvements over Software Update Services (SUS). See common and not-so-common deployment scenarios for WUS, and learn techniques to tackle the toughest update deployment issues…all at no cost to you!

Australian Speaker:Jeff Alexander

New Zealand Speaker:Jeff Alexander

Title: Server and Domain Isolation: The Next Big Thing in Security and Infrastructure Integrity Assurance

Abstract:Got any unmanaged—or, worse, rogue—machines on your network? Of course you do, unless you’ve consciously built the right technologies into your network to reduce and perhaps even eliminate them. By using Active Directory and IPsec to build an environment that requires domain membership, just like Microsoft’s own IT, you can restrict network communications to domain managed machines—thereby creating trusted zones that are far more secure than other methods deployed today. Steve Riley will explain in detail how to use this capability that’s available to you today in Windows 2000, Windows XP, and Windows Server 2003. Included also is a preview of future uses of IPsec, including becoming the enforcement mechanism for Network Access Protection.

Australian Speaker:Steve Riley

New Zealand Speaker:Steve Riley

Title: Migrating from SUS to WSUS

Abstract:Many customers today use Software Update Services to deploy Windows updates across their businesses. Learn how to upgrade from SUS to Windows Update Services, the next version of SUS, to reap the benefits of the enhanced capabilities and broadened application support. Learn best practices and pitfalls to watch out for to help you upgrade seamlessly.

Australian Speaker:Scott Korman/Jeff Alexander

New Zealand Speaker:Scott Korman/Jeff Alexander

Title: Defending Against Layer 8: How to Recognize and Combat Social Engineering